Category: |
Cryptography |
Author/Contact Info |
C. Prichard |
Description: |
Improved string cipher. Useful in protecting content of HTML textareas where a Javascript implementation is used by the client. The algorithm has also been implemented in Visual Basic.
This improved version uses a randomly sorted key domain table to build a modified key used in a second cipher pass. The key domain now includes ASCII values from 32 to 96 decimal. Output domain is 32 to 159 but the values 128 to 159 are shifted so as to be compatible with all ISO-8859-1 implementations in transmission equipment as well as all Windows implementations.
A patent is being sought to protect the author's right to his own innovation which uses a key attribute to articulate shifts applied to the modified key string. Its thought that the implementation demonstrates that there is some cryptographic value of a somewhat unique key attribute. The attribute is used to mask the values in the modified key as they are taken from the randomly sorted domain table. The attribute is also used to articulate shifts applied to the modified key. Applying these shifts is what creates a difference between the resulting cipher bits applied by very similar keys.
Solving a CipherText message is not trivial. To date it has not been done. An attack will require some known plaintext and sufficient data for frequency analysis. Applying a truncated modified keystring of cipher bits in the second pass diffuses the recurring pattern to N*(N-1) message elements. It also serves to mask the actual key in the event that a message is broken and the same key is used to protect other items. The algorithm uses a data-dependent shift based on message length. This results in two different results when ciphering the word "Hello" and the word "Hello ". The feature is desireable for applications that would apply the same key to a series of short strings.
If required, an ASCII compliant version can be obtained. |
# CipherTextI.pm
#
# Charles Prichard 6-16-01
#
#
#################################################
package CipherTextI;
use strict;
use integer;
use bytes;
#################################################
# PUBLIC Subroutine #
#################################################
sub new($) {
my $class = shift;
my $self = {};
bless $self, ref $class || $class;
$self->{xString} = undef;
$self->{xStr} = undef;
$self->{R_KEY} = undef;
$self->{ATT} = undef;
$self->{S_KEY} = undef;
$self->{cipher_key} = undef;
$self->{RSORT} = [];
$self->init(@_);
return $self;
}
sub init($){
my $self = shift;
my ($params) = shift;
my @temp1 = split /\;/, $params;
my %params = ();
my @temp2=();
foreach my $x (@temp1){
@temp2 = split /\=/, $x;
$self->{$temp2[0]} = $temp2[1];
}
$self->{RSORT} = [3,28,7,5,39,62,34,32,56,18,17,6,29,49,63,45,13,1
+3,29,40,2,17,17,9,12,61,56,23,55,37,31,13,27,52,8,23,38,53,9,60,31,30
+,39,27,37,14,14,34,8,29,58,10,25,3,19,37,11,35,52,39,48,24,22,19];
$self->{S_KEY} = $self->Make_shiftedKeys();
return;
}
#################################################
# PUBLIC Subroutine #
#################################################
sub encipher($) {
my $self = shift;
my $MSG = shift;;
$MSG = $self->Encode($self->Encode($MSG,$self->{R_KEY}),$self->{S_
+KEY});
return $MSG;
}
#################################################
# PUBLIC Subroutine #
#################################################
sub decipher {
my $self = shift;
my $MSG = shift;;
$MSG = $self->Decode($self->Decode($MSG,$self->{S_KEY}),$self->{R_
+KEY});
return $MSG;
}
#################################################
# PRIVATE Subroutine #
#################################################
sub Make_shiftedKeys(){
my $self = shift;
my $shift = $self->setAttribute();
$self->{S_KEY} = $self->modifyKeys();
if (($shift % 2) == 1){$self->{S_KEY} = (substr($self->{S_KEY},1,(
+length $self->{S_KEY})));}
else {$self->{S_KEY} = (substr($self->{S_KEY},0,(length $self->{S_
+KEY}) - 1));}
my $key;
my $v;
for (my $i=0; $i <= ($shift - 1) % length $self->{S_KEY}; $i++){
+
my $key = substr($self->{S_KEY},0,1);
$v = ord($key) - 32;
$self->{S_KEY} = (substr($self->{S_KEY},1,(length $self->{
+S_KEY}) - 1));
$self->{S_KEY} .= chr($v ^ $self->{RSORT}[$v] + 32);
}
return $self->{S_KEY};
}
#################################################
# PRIVATE Subroutine #
#################################################
sub setAttribute(){
my $self = shift;
$self->{ATT} = 0x00;
for (my $i=0; $i < (length $self->{R_KEY}); $i++){
$self->{ATT} = $self->{ATT} ^ (ord(substr($self->{R_KEY},$i,1)
+) - 0x20);
}
return $self->{ATT};
}
#################################################
# PRIVATE Subroutine #
#################################################
sub modifyKeys(){
my $self = shift;
my S_KEY = "";
my $i, $x;
For $x = 1 To length($self->{R_KEY})
$i = ord(substr($self->{R_KEY}, $x, 1)) - 32
S_KEY = S_KEY + Chr(($i ^ $self->{RSORT}[$i] ^ $self->{ATT}) +
+ 32)
Next x
return S_KEY;
}
#################################################
# PRIVATE Subroutine #
#################################################
sub Encode($$){
my $self = shift;
$self->{xString} = shift;
$self->{cipher_key} = shift;
$self->cipher();
return $self->{xStr};
}
#################################################
# PRIVATE Subroutine #
#################################################
sub Decode($$){
my $self = shift;
$self->{xString} = shift;
$self->{cipher_key} = shift;
$self->cipher();
return $self->{xStr};
}
#################################################
# PRIVATE Subroutine #
#################################################
sub cipher(){
my $self = shift;
$self->{xStr} = "";
my $keyval;
my $xch;
my @akeys = split "",$self->{cipher_key};
my $keylen = length $self->{cipher_key};
my $i = (length $self->{xString} % $keylen); # DATA DEPENDENT
+SHIFT
for(my $x=0; $x < length ($self->{xString}); $x++){
$keyval = ord($akeys[$i]) - 0x20;
$xch = ord(substr($self->{xString},$x,1));
if ($xch > 0x7f){ $xch = $xch - 0x21;}
if ($xch > 0x1f){
$xch = ($keyval ^ ($xch - 0x20)) + 0x20; # Apply ciph
+er
}
if ($xch > 0x7f){ $xch = $xch + 0x21;}
$self->{xStr} .= chr($xch);
$i++;
if ($i == $keylen){$i = 0;}
}
return;
}
1;
|
Re (tilly) 1: CipherTextI
by tilly (Archbishop) on Jul 17, 2001 at 07:49 UTC
|
Here are my objections to this post.
- This isn't valid Perl. It won't run.
- Even if it was, you are failing to achieve the
basic level of encryption taken for granted decades ago.
This is an improvement on the xor nonsense that you had
previously. But it isn't much of an improvement.
- The fact that you are trying to get a patent is but
another reason to avoid this. It is possible that you
might get a patent. But that is IMO due to how broken the
patent system is, and not to the merits of your case.
- A basic rule in cryptography is to never trust the
crypanalysis of the author of the code. This applies when
the author is widely recognized as a competent researcher.
It applies doubly when the author is an amateur.
- There are widely available free alternatives which
are much more trustworthy. For instance RSA is no longer
encumbered by a patent, has been analyzed intensely, and
can be used for the application that you mention by
the simple expedient of putting your website on an https
server. That takes care of the details on the server's
end, and the browser will do the rest.
- You still have not realized that your prototypes are
completely being ignored? We went through this before
and I know you didn't believe us then, but it is true.
You would be better off just removing them all because
they are not used on method calls.
In short, I am actively recommending that people not
try to use this. | [reply] |
|
I'm about 3/4ths of the way through The Code Book, and I'm even more amazed at how interesting the task of cryptohacking is, and how much easier it is for the experts to break things than I had ever imagined. Sure, some of it is brilliant strokes, and some of it is dumb luck, but the account of snapping the Enigma machines is a definite page-turner.
The CiperTextI looks like the stuff these guys solve as entrance exams in first year
crypto. {grin}
-- Randal L. Schwartz, Perl hacker
| [reply] |
|
For all interested people I thought I'd add The Codebreakers by David Kahn, the first 'popular-scientific' work in that field (originally from 1967 iirc). I don't know how much overlap there is between this book and The Code Book mentioned by merlyn. But it's a good read - that's what I meant by popular-scientific ;)
-- Hofmator
| [reply] |
|
To get the facts, the Code book was a facinating read (particularly for its nice links back to historic events).
To wet the tastebuds (and pass the hours quite nicely) I've always enjoyed Cryptonomicon by N.S. Its link to reality is a little cloudy at times but it certainly fires up the imagination.
| [reply] |
(Ovid - I think Steeeeeve is lying)
by Ovid (Cardinal) on Jul 17, 2001 at 23:01 UTC
|
Why are you posting this? It won't run. It's poorly structured and it demonstrates that you don't understand some basics about Perl. Ordinarily, I would not be so harsh, but you've been here before and ignored advice from some people you should definitely be paying attention to (merlyn, tilly and others).
Here are a few comments for you:
- You wrote, in response to those who claim that breaking your system should be trivial:
At present the world is working on it, largely because of the most disturbing way it has been implemented.
Yup. Saw it on CNN last night. HEADLINE: "NSA works furiously to break Steeeeeve's encryption algorithm."
Please, credit us with some intelligence. If you want us to believe that the "world is working on it", provide some evidence.
- This ain't Perl:
For $x = 1 To length($self->{R_KEY})
If you are going to lie to us, at least be a bit more clever about it. Your program won't run.
HEADLINE 2: "NSA stops work on Steeeeeve's encryption algorithm after determining that it won't run."
- If you are so good at crypto, could you give us some credentials? Heck, at least provide us with some mathematical evidence that suggests your routine is worth something.
- As tilly has pointed out more than once, prototypes will not work on method calls. Prototypes are checked at compile time. The actual subroutine called by a method call is not determined until run time - too late for the prototype.
I am usually known for being a nice guy. However, I don't appreciate what appears to be someone lying (that someone is you, if it's not perfectly clear), nor do I particularly care for someone who completely fails to learn from his or her mistakes.
Cheers,
Ovid
Vote for paco!
Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.
| [reply] [d/l] |
Hot hot cipher action (boo)
by boo_radley (Parson) on Jul 18, 2001 at 00:51 UTC
|
uh, in other news, this same topic is appearing on perl.com : ciphers and perl.
Interestingly, all of this hoohah may be reduced to
use Crypt::CBC;
$cipher = new Crypt::CBC ($key, 'Twofish');
undef $/; $plaintext = <PLAINTEXT>;
print CIPHERTEXT $cipher->encrypt($plaintext);
I think that cryptography will join CGI as "modules to not reinvent" as far as I'm concerned.
| [reply] [d/l] |
Re: CipherTextI
by tadman (Prior) on Jul 24, 2001 at 00:52 UTC
|
How do you rocket to a high post on the Worst Nodes listing?
I think Steeeeeve has the answer. You post something that
doesn't parse, make huge claims about its functionality
that can't be substantiated, and hint that you are going
to patent it. One of the very few things that could make
this any worse were if it looked like a posted homework
assignment.
"Solving a CipherText message is not trivial. To date it has not been done."
Perhaps no "CipherTextTM" message has been
cracked, if only because nobody felt motivated to do so,
but this CipherTextI program uses very rudimentary XOR
encryption which is virtually trivial to crack, as
evidenced by the recent effort to examine the ActiveState
Perl compiler and rescue some source code. This makes it
only slightly more difficult than cracking, say, ROT-13.
Sorry, Steeeeeve, but arrogance and ignorance are not
desirable traits in this particular community. | [reply] |
Re: CipherTextI
by MeowChow (Vicar) on Jul 18, 2001 at 03:14 UTC
|
For those who wish to satisfy their misplaced curiousity or boredom, what Ste+ve meant was:
## replace modifyKeys with below code
sub modifyKeys {
my $self = shift;
my $S_KEY = "";
my ($i, $x);
for my $x (0..length($self->{R_KEY})-1) {
$i = ord(substr($self->{R_KEY}, $x, 1)) - 32;
$S_KEY .= chr(($i ^ $self->{RSORT}[$i] ^ $self->{ATT}) + 32)
}
return $S_KEY;
}
## fix up the following line in sub cipher() ##
my $i = (length ($self->{xString}) % $keylen); # DATA DEPENDENT SHIF
+T
MeowChow
s aamecha.s a..a\u$&owag.print | [reply] [d/l] |
|
|